1. Field of the Invention
The present invention concerns a method and an arrangement for controlling access to stored, sensitive data, in particular for controlling access by one apparatus to sensitive data stored in another apparatus.
2. Description of the Prior Art
Modern technical apparatuses, and in particular medical apparatuses (for example magnetic resonance tomography systems), exhibit a high complexity. For example, in the event of a malfunction of a magnetic resonance tomography system it is frequently not sufficient to assign a single, generally qualified employee to remedy the error. Rather, in many cases it is necessary to draw on expertise specialized for the respective error from a pool of highly-qualified experts.
This is particularly problematic in the case of geographically distributed locations of the technical apparatuses, since such highly-qualified experts are not comparably available at all locations.
Moreover, in the event of an error message in a geographically-distributed arrangement of advanced technical apparatuses, the highly-qualified workers must cover long routes in order to repair a faulty technical apparatus.
The long service times of the experts dispatched for the repair result in long downtimes of the respective technical apparatuses.
In this context, it should be noted that such technical apparatuses are frequently controlled by complex software programs. The high complexity of the software used accounts for a major part of the failures of complex technical apparatuses (such as, for example, magnetic resonance tomography systems). Such systems fail less frequently due to hardware errors than due to software errors.
To solve this problem, in the prior art it is known to implement error (failure) correction of a software-controlled, complex, technical apparatus via remote maintenance.
For this, the technical apparatus is connected, for example over the Internet, with a service center at which a number of highly-qualified employees are assembled.
In the case of a failure, the technical apparatus automatically sends an error message to the service center.
The experts assembled at the service center analyze the failure using the transmitted error message and try to correct it by transferring corrected software to the technical apparatus over the Internet.
U.S. Application Publication No. 2003/0154274 discloses a system that allows an efficient data exchange within a network using portable data stations. The system has a first data station that stores specific data as well as a second data station that controls access rights to the data stored in the first data station. The second data station authorizes further data stations to access desired data. For this purpose, the first data station receives a query in the form of a data token and, under the condition that the data token is valid, outputs the corresponding data to the requester. To create such a data token, it is necessary that a user of the first data station expressly agree to the respective data exchange with a user of a requesting data station.
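The following is an added illustration of the token-controlled exchange described in the cited application; it is example code written for this page, not the code of the cited application and not the present invention. The cited application specifies neither a token format nor a validity check, so the HMAC-signed token, the shared key between the two stations, the expiry time and the station and requester names are all assumptions made here. What the example shows is the division of roles: the authorizing station issues a token only after the data owner's consent has been recorded, and the data-holding station releases a record only against a token that is intact, unexpired and bound to that requester and that record.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed for this example: a key shared by the authorizing station and the
# data-holding station. A real deployment would provision this per device.
SHARED_KEY = b"example-shared-key-not-for-production"


@dataclass
class AuthorizingStation:
    """Plays the role of the second data station: it records the data owner's
    express consent and only then issues a data token for one requester/record pair."""
    key: bytes
    consents: set = field(default_factory=set)  # entries: (owner, requester, data_id)

    def record_consent(self, owner: str, requester: str, data_id: str) -> None:
        self.consents.add((owner, requester, data_id))

    def issue_token(self, owner: str, requester: str, data_id: str,
                    now: float, ttl: float = 300.0) -> str:
        # No token without the data owner's express agreement to this exchange.
        if (owner, requester, data_id) not in self.consents:
            raise PermissionError("data owner has not consented to this exchange")
        payload = {"owner": owner, "requester": requester,
                   "data_id": data_id, "exp": now + ttl}
        body = json.dumps(payload, sort_keys=True).encode()
        mac = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body.hex() + "." + mac


@dataclass
class DataStation:
    """Plays the role of the first data station: it holds the records and releases
    one only against a token that is intact, unexpired and bound to this request."""
    key: bytes
    owner: str
    records: dict

    def fetch(self, token: str, requester: str, data_id: str, now: float):
        try:
            body_hex, mac = token.split(".", 1)
            body = bytes.fromhex(body_hex)
        except ValueError:
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC check does not leak timing information.
        if not hmac.compare_digest(expected, mac):
            return None
        payload = json.loads(body)
        if payload["exp"] < now:
            return None
        # The token must name this station's owner, this requester and this record;
        # a token issued for one record must not unlock another.
        if (payload["owner"], payload["requester"], payload["data_id"]) != (
                self.owner, requester, data_id):
            return None
        return self.records.get(data_id)


def run_scenarios() -> dict:
    """Exercise the exchange: consent, a valid fetch, and the refusals a checker needs."""
    auth = AuthorizingStation(key=SHARED_KEY)
    station = DataStation(key=SHARED_KEY, owner="dr_a",
                          records={"scan-1": "MR scan (constructed)",
                                   "scan-2": "CT scan (constructed)"})
    t0 = 1_000_000.0  # fixed clock so the scenarios are reproducible
    out = {}
    try:
        auth.issue_token("dr_a", "expert-1", "scan-1", now=t0)
        out["without_consent"] = "issued"
    except PermissionError:
        out["without_consent"] = "refused"
    auth.record_consent("dr_a", "expert-1", "scan-1")
    tok = auth.issue_token("dr_a", "expert-1", "scan-1", now=t0)
    out["valid"] = station.fetch(tok, "expert-1", "scan-1", now=t0 + 10)
    out["other_record"] = station.fetch(tok, "expert-1", "scan-2", now=t0 + 10)
    out["other_requester"] = station.fetch(tok, "expert-2", "scan-1", now=t0 + 10)
    out["expired"] = station.fetch(tok, "expert-1", "scan-1", now=t0 + 600)
    # Tamper with the signed body (same length, so it still decodes) and reuse the MAC.
    body_hex, mac = tok.split(".", 1)
    forged = bytes.fromhex(body_hex).replace(b"scan-1", b"scan-2").hex() + "." + mac
    out["tampered"] = station.fetch(forged, "expert-1", "scan-2", now=t0 + 10)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The point of binding owner, requester and record identifier into the signed body is that the data-holding station can verify the token without contacting the authorizing station again, while a token obtained for one record cannot be replayed against another record or by another requester.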
Due to the general legal frameworks in effect in many countries, however, it is presently not possible to use such a remote maintenance system for medical apparatuses, because medical apparatuses almost always contain sensitive patient data and are thus subject to data protection regulations regarding patient privacy.
For example, according to the legal requirements in Germany, such sensitive patient data may be made accessible only to the patient's doctor or an assistant of the doctor designated by the doctor.
In order to be considered an assistant of the doctor in the sense of the legal regulations, an expert engaged for the error correction of the medical apparatus must be known to the doctor, and the total number of experts for whom the doctor is responsible must be severely limited. Only in this case can the respective experts be regarded as part of the doctor's organization, and only then is access to sensitive patient data permitted.
As defined by the regulations for data protection, however, such sensitive data occur not only in the field of medicine, but also in other fields.